Haider Mustafa | SOC Analyst Portfolio

SOC investigations, detections, SIEM work, and applied AI.

I investigate suspicious authentication, troubleshoot systems and workflows, work through host and network evidence, write detections, and build AI systems with clear operational use cases.

SOC Analyst · Detection Analyst · Threat Monitoring · Security Operations · Technical Operations

Current target

UK SOC analyst, detection, threat monitoring, security operations, and technical operations roles.

Current focus

Splunk searches, SIEM correlation, troubleshooting, detection logic, incident triage, and applied AI model work.

Investigations: DFIR, incident triage, and host-level review.
SIEM work: Splunk searches, event correlation, and detection logic.
Applied AI: Fine-tuning workflow, evaluation, and model adaptation.

Selected Projects

Security investigations, troubleshooting, and applied AI.

SOC Investigation

Authentication abuse to PowerShell execution

Windows authentication abuse followed by hidden PowerShell, outbound traffic, and scheduled task persistence, with the findings written into an analyst report and detection pack.

SPL / KQL / Sigma · Readable summary · Analyst report

Technical Operations

Windows endpoint setup and troubleshooting

A practical support lab covering workstation setup, device checks, troubleshooting, and resolution notes for common Windows issues.

Windows · PowerShell · Event Viewer

Applied AI Build

Fine-tuning a compact model for phishing triage

Built and evaluated a LoRA fine-tuning pipeline for a compact phishing triage model that classifies suspicious messages and produces analyst-ready summaries.

LoRA · Evaluation split · Prompt design

Research Project

Concept drift in IoT intrusion detection

Security research on whether an IDS model stays reliable when network behaviour changes over time.

Operational reliability · Final-year project

Network Simulation

Small office network simulation

Designed and validated a small office topology with DHCP, DNS, HTTP, and AAA services, then tested that the network behaved correctly end to end.

Cisco Packet Tracer · DHCP / DNS · AAA

Packet Analysis

Wireshark packet analysis

Captured and inspected DNS and HTTP traffic to show what plaintext protocols expose and why encrypted transport matters in practice.

Wireshark · DNS · HTTP

Key Skills

Key skills built through the work.

Incident triage

Evidence review, host attribution, and escalation decisions.

Working from artefacts and telemetry toward a defensible conclusion.

Splunk / SIEM

SPL searches, event correlation, detection writing, and alert tuning.

Using SIEM output to surface the highest-value events and move the investigation forward.

Troubleshooting

Failure diagnosis, root-cause review, and stable system recovery.

Working from symptoms, checks, and logs toward a reliable fix.

Reporting

Clear reporting for technical and non-technical readers.

Short summaries first, deeper analysis when it is needed.

Technical Operations

Support-minded work across setup, troubleshooting, and handoff.

Alongside the security projects, this is the operational side of the work: preparing systems for use, isolating faults, documenting fixes clearly, and keeping environments usable.

Windows · Endpoint setup · Troubleshooting · Handoff notes

Troubleshooting: Failure diagnosis, root-cause review, and stable recovery.

Working from symptoms, checks, and logs toward a reliable fix.

Device configuration: Preparing endpoints, validating setup, and supporting handoff.

Configuring devices, checking readiness, and making sure the machine is usable.

Operational support: Practical fixes and dependable communication in live environments.

Clear handoff, direct updates, and support work that keeps things moving.

Documentation: Short notes, validation steps, and follow-up that others can use.

Writing the outcome clearly enough for the next person to pick it up fast.

Current Build Queue

Projects I am building next.

In progress

SOC alert to incident workflow simulation

Splunk Enterprise · SPL queries · Playbooks

Planned

Cloud misconfiguration detection lab

AWS · IAM · CloudTrail · Guardrails

In progress

Phishing execution-chain review

Attachment path · Process tree · IOCs

In progress

Detection pack with tuning notes

PowerShell · Auth abuse · False-positive tuning

Certifications

Certifications in progress.

In progress

CompTIA Security+

Covering core security operations, threats, controls, and incident-response fundamentals.

Next

Splunk Core Certified User

Aligned to SPL searches, dashboards, field work, and practical SIEM workflows.

Planned

Microsoft SC-200

Focused on Sentinel investigation, KQL, incident handling, and security operations workflow.

Background

Supporting context.

University of Reading

BSc Computer Science | Predicted First Class

Operating systems, networking, software systems design, AI, and security-focused final-year work.

Supporting experience

Home Made | Holland & Barrett | A&E Tuition

Four years of experience across customer-facing and operational roles, including device configuration, troubleshooting, and structured support in fast-moving environments.

Leadership

Pakistani Society President | MSA President

Leading teams, coordinating events, and handling stakeholders across large groups.

"What I appreciated most was his solution-oriented approach. When obstacles arose, Haider did not just point them out; he brought forward well-thought-out, scalable solutions that added value."

Recommendation from John Anning, Sales Team Lead at Home Made

Contact

Open to UK SOC analyst and security operations roles.

If you want someone who can investigate carefully, work across SIEM telemetry, and write clearly, send me a message.

LinkedIn